Section: .. / UNIX / penetration / rootkits /
The software in this directory is provided for the use of System Admins only, and is provided to keep them informed on the backdoors that are currently in circulation. We strongly discourage the use of these tools without proper permission.

File Name: tunnelshell_v1.tgz
Description: Tunnelshell is a client-server backdoor which uses fragmented packets to traverse firewalls. Written in C, tested on Linux.
Author: Fryx
File Size: 15410
Last Modified: Jan 31 02:18:07 2002
MD5 Checksum: d85e5b237d50e8eac3adc6a84bc13157

File Name: udp_backdoor.tar.gz
Description: UDP backdoor which uses raw sockets. It spoofs the packets' origin address when communicating with the server end of the backdoor. It also uses encryption, and has several methods of security through obscurity.
Author: Plastek
File Size: 3380
Last Modified: Feb 22 02:06:24 2002
MD5 Checksum: e631d34f6472356f7a8695a2650e6197

File Name: ulogin.c
Description: Universal login trojan - Login trojan for pretty much any O/S. Tested on Linux, BSDI 2.0, FreeBSD, IRIX 6.x, 5.x, SunOS 5.5, 5.6, 5.7, and OSF1/DGUX4.0. Works by checking the DISPLAY environment variable before passing the session to the real login binary.
Author: Tragedy
Homepage: http://www.etc-crew.org
File Size: 1344
Last Modified: Feb 4 17:54:55 2000
MD5 Checksum: 4d5c12f579e07686a1b350c0064601f4

File Name: utrojan.c
Description: Universal remote unix trojan - This wrapper can backdoor nearly any service on any platform. Tested on login / imapd / qpopd.
Author: Axess
File Size: 1625
Last Modified: Feb 7 15:13:50 2000
MD5 Checksum: 40afffb1f5acd39467e53bb6b41088d1

File Name: vexed.sh
Description: Backdoor shell script to be run from cron monthly.
Author: Sil
File Size: 3109
Last Modified: Nov 22 04:28:40 2001
MD5 Checksum: 0793fc12f1e7d665299d8bcc965302b0

File Name: whodo.c
Description: Whodo.c is a simple local backdoor for the Solaris whodo command.
Author: Dr. Genius
File Size: 20226
Last Modified: Aug 17 12:56:35 2000
MD5 Checksum: 7ebf7fd1c6e52d36f0e165c4185020d4

File Name: wnetstat.pl
Description: wnetstat.pl is a small perl wrapper script to hide IPs from netstat.
Author: bunker
Homepage: http://rawlab.altervista.org
File Size: 543
Last Modified: Apr 28 20:02:48 2006
MD5 Checksum: 8f3a29040d5ca112c203aeb2f9c2d3ac

File Name: wu-ftpd-trojan.tar.gz
Description: Wu-ftpd Trojan - Login with specific user/pass and it gives you a root shell.
Author: Axess
File Size: 243698
Last Modified: Feb 15 14:09:38 2000
MD5 Checksum: d4898700229efa2117f06379ec538d6c

File Name: wx-01.tar.gz
Description: New Macintosh OS-X rootkit that is roughly based off of adore. It hides itself from kextstat, netstat, utmp and wtmp. Further revisions to include a reverse shell triggered by ARP and DNS packets.
Author: nemo
Homepage: http://neil.slampt.net/
File Size: 263191
Last Modified: Oct 27 02:49:35 2004
MD5 Checksum: 57d1312f1e101f52b9b08e4d557a2f99

File Name: wX.tar.gz
Description: WeaponX is a kernel based rootkit for Mac OSX which is roughly based on adore. It runs as a kernel extension, similar to a LKM. Requires Xcode. Readme available here.
Author: Nemo
Homepage: http://neil.slampt.net/files/Projects/weaponX/
File Size: 271409
Last Modified: Nov 4 18:22:59 2004
MD5 Checksum: 12fa6fb5faf460fce717f8d298625bd0